The report also indicates that appropriate government approvals were obtained and that they protected the healthcare data appropriately. Might they have been using an appropriately secured Google cloud tool? I understand that this still doesn't tell you the country in which the data resides, but that's a lot different than posting data on the open internet or an unsecured cloud instance.